The Managing Electronic Records Conference put on by Cohasset Associates was a very good experience. I attended as a student volunteer, and I met several persons in schools similar to our iSchool across the country, as well as vendors, consultants, professionals, and so on.
Electronic records aren’t exactly a recent interest of mine- I’ve been looking into retention schedules and how they might impact my job for some time. I’ve also had an interest in privacy and security. Recently, though, as I’ve been looking into archives and electronic records, the records management issues both at work and in the world have affected the way I examine these other issues.
Two stories from BNA’s Internet Law News today caught my interest:
Industry, Others Object to Data Retention
The story is about Alberto Gonzales’ call for greater records retention on the part ISPs. Once again, the excuses for this proposed action come from increased law enforcement powers related to terrorism and child pornography. However, ISPs are noting that there are security, privacy, technical and other issues related to this proposal. Government has been very much failing in privacy-related matters recently. This particular matter also affects ISPs such as universities and libraries, and many of these institutions as a matter of regular operation don’t keep transitory logs, for good reason. The privacy of students and patrons is incredibly important, as both a matter of established law and institutional or professional values. We haven’t really seemed to have good public discussions about privacy and why people should care about privacy, related to abuse, dignity, and so on. That type of talk needs to be part of the decision-making process.
We’re also constantly bombarded with one of the risks of records retention: stolen and lost information, and the risk of identity theft. See the second story from BNA News, Toronto Firm at Center of Security Breach. A piece of equipment that had the names and social security numbers of 1.3 MILLION students has been lost. These aren’t Canadian students, either- they’re students who borrowed from a Round Rock, TX based loan institution. Yes, just next to Austin. So, what are the risks to keeping even more personal information that wouldn’t have been kept in the first place? Privacy and data protection laws exist for a reason. They’re not just to limit cost and liability, although those certainly affect businesses. We really need a full understanding of the possibly harms that could come from such a law, instead of the rush from certain members of Congress to pass these things through.
Of course, there are also many procedural issues. Laws that affect records exist at both the federal (Sarbones-Oxley, FERPA) and state (library, government records) levels. There are also regulatory and legal concerns that govern record keeping behavior. These would need to be reconciled with such a broad change.